Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

How to Manage MBAM Administrator Roles

Updated: April 1, 2013

Applies To: Microsoft BitLocker Administration and Monitoring 2.0

After Microsoft BitLocker Administration and Monitoring (MBAM) Setup is complete for all server features, administrative users will have to be granted access to them. As a best practice, administrators who will manage or use Microsoft BitLocker Administration and Monitoring Server features should be assigned to Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group.

To manage MBAM Administrator Role memberships

  1. Assign administrative users to security groups in Active Directory Domain Services.

  2. Add Active Directory security groups to the roles for MBAM administrative local groups on the MBAM server for the respective features.

    • MBAM System Administrators have access to all MBAM features in the MBAM Administration and Monitoring website.

    • MBAM Helpdesk Users have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but must fill in all fields when they use either option.

    • MBAM Report Users have access to the Compliance and Audit reports in the MBAM Administration and Monitoring website.

    • MBAM Advanced Helpdesk Users have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but are not required to fill in all fields when they use either option.

    For more information about roles for Microsoft BitLocker Administration and Monitoring, see Planning for MBAM 2.0 Administrator Roles.

See Also

-----
You can learn more about MDOP in the TechNet Library, search for troubleshooting on the TechNet Wiki, or follow us on Facebook or Twitter.
-----
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.